During December 2010 the IC3 discovered that misspellings of an unnamed social network site were being used in a social engineering scheme. Misspelling the domain name of this site redirected users to websites resembling the actual website, a practice known as typosquatting.

Users were then asked to answer three or four simple survey questions, after which they were offered a choice of three free gifts. Gifts included multiple gift cards for major retail stores and various brands of laptops.

After clicking on one of the gifts, users were redirected to other websites to claim their free gift, where they were typically asked to enter their name, address, phone number, and email address. Some victims spent hours filling out multiple surveys and never received a thing, while unwittingly surrendering vital personal information to social engineering scammers.

Unlike most scams, which target consumers, this one uses software to swindle online sellers by generating fake receipts. Known as the "Receipt Generator," this executable file has been observed circulating on hacking forums.

Most online sellers ask buyers to send them a copy of the receipt if there's a problem with the order, and this program generates what appears to be a genuine receipt and a copy of the "Printable Order Summary," including convincing details such as "Total before tax" and "Sales tax." The scammer relies on the seller to accept the printout of the phony receipt at face value, since few, if any, sellers expect anyone to go to the trouble of creating a fake receipt.

The IC3 warns sellers to be on the lookout for this scam, which has been targeting merchants on Amazon's marketplace. The receipt generator file has been identified as Hacktool.Win32.Amagen.A.

Malicious Code in White House Email

A recent malware campaign disguised as a holiday greeting from the White House targeted government employees with an email that supposedly included links to a greeting card.

But when recipients clicked on the link, it attempted to download a file named "card.exe," an information-stealing Trojan that disabled computer security notifications, software updates and firewall settings.

The malware also installed itself into the computer's registry, enabling the code to be executed every time the computer was rebooted. It had a low anti-virus detection rate of 20%, with only nine out of 43 security companies reporting detection.

Here's what the email looked like:

From: sender@whitehouse.gov [mailto: sender@whitehouse.gov]
Sent: Wednesday, December 22, 2010 10:33 PM
To: recipient's name
Subject: Merry Christmas, recipient's name
Recipient's name here,
As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.
Greeting card:
hxxp://xtremedefenceforce.com/card/
hxxp://elvis.com.au/card/
Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500
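
The message above claims a whitehouse.gov sender while both of its links point to unrelated hosts. The following is an added example, not part of the original alert, of a triage check that surfaces that mismatch; the function names are illustrative and the sample is an excerpt of the quoted message with its links left defanged.

```python
import re

# Excerpt of the message quoted above; links stay defanged (hxxp) as on the page.
SAMPLE = """\
From: sender@whitehouse.gov [mailto: sender@whitehouse.gov]
Subject: Merry Christmas, recipient's name
Greeting card:
hxxp://xtremedefenceforce.com/card/
hxxp://elvis.com.au/card/
"""

# Accepts http/https and the defanged hxxp/hxxps forms; captures the host only.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://([^\s/:\"'<>]+)", re.IGNORECASE)
FROM_RE = re.compile(r"^From:.*?@([A-Za-z0-9.-]+)", re.IGNORECASE | re.MULTILINE)


def normalize(host):
    """Lower-case a host and undo bracket defanging such as example[.]com."""
    return host.replace("[.]", ".").replace("(.)", ".").lower().rstrip(".")


def same_org(host, sender_domain):
    """True if host is the sender's domain or one of its subdomains."""
    return bool(sender_domain) and (
        host == sender_domain or host.endswith("." + sender_domain)
    )


def link_mismatches(message):
    """Return (claimed sender domain, link hosts outside that domain)."""
    m = FROM_RE.search(message)
    sender = normalize(m.group(1)) if m else ""
    flagged = []
    for raw in URL_RE.findall(message):
        host = normalize(raw)
        if not same_org(host, sender) and host not in flagged:
            flagged.append(host)
    return sender, flagged


if __name__ == "__main__":
    sender, hosts = link_mismatches(SAMPLE)
    for h in hosts:
        print(f"claimed sender {sender}: link points to unrelated host {h}")
```

A mismatch is a reason to look closer, not a verdict: the From header can be forged, and legitimate mail often links to third-party hosts.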